Social-networking sites must protect privacy

How many times have you changed your privacy settings on a social-networking site?

If you've lost track, you're not alone.

Nor are you alone in your nagging fear that your private information, or that of your child, is lurking out there despite your best efforts - because it very well may be.

Social-networking sites routinely "update" their privacy settings, making it difficult for users to keep track of their own personal information. That's good business for them - their revenue depends on giving advertisers access to as much user information as possible - but it's bad for those of us who care about privacy.

No one should be confused about the security of their own personal information. It's a safety issue as well - if businesses have easy access to where you live and how to contact you, so do identity thieves and stalkers.

A bill in the Legislature, SB242 by state Sen. Ellen Corbett, D-San Leandro, would establish privacy guidelines for social-networking sites like Facebook, Twitter and Match.com. Sites would have to set defaults to private so that users themselves could choose which information to make public. It would also allow users to establish their privacy settings when they register to join sites, rather than after they have set up an account and profile.

Finally, it would require sites to remove personally identifying information within 48 hours of a user request - or a parent's request, if the user is under the age of 18.

Corbett says the bill is necessary because people want to preserve their privacy. "People are very, very concerned when they find out that their personal information can be disclosed to anyone at all on the Internet," Corbett said in an interview. "So many people believe that their personal information is theirs, and should not be shared with a third party unless that permission is specifically granted. And it's widely known that identity theft is a huge problem."

Companies that run the sites don't agree with her characterization. A coalition including Facebook, Skype, Yahoo, Twitter, Google and eHarmony sent Corbett a letter encouraging a "no" vote on her bill. The companies say that the bill is unnecessary because two-thirds of users already adjust their privacy settings and that it "would dramatically limit social-networking sites' growth potential in California by imposing additional operating costs and raising barriers to consumer participation in social-networking services, all while exposing those services to massive and unwarranted civil liability."

SB242 isn't perfect. Giving the sites only 48 hours to scrub individual users' data would certainly be burdensome, and it could be confusing for users to try to decide what their privacy settings should be before they've had a chance to use the service.

But the idea that it would prevent people from signing up for social networks, present a "serious threat to the viability of California's Internet commerce companies" and "interfere with the right to freedom of speech" - all of which is alleged in the coalition's letter - that idea is simply not serious.

As social networking pervades our lives, government officials are finally starting to get serious about privacy. Should SB242 pass, it would be the first such law in the nation but not the last. And in Washington, officials are paying attention too - this week, executives from Apple, Google and Facebook appeared before the Senate Commerce Committee to explain their reasons for collecting and storing customer information on mobile platforms. Once again, they claimed that privacy was important to them. Our leaders need to be skeptical.

As social-networking sites grow and develop in importance, their responsibilities grow as well. And if they don't provide users with the privacy that they need, then government officials must step in.